Google Removes 331 Risky Apps From The Play Store; All Have Been A Part Of Operation Vapor.


Security researchers at Bitdefender, a company that specializes in cybersecurity, have flagged a large ad fraud and phishing campaign involving 331 malicious apps on the Google Play Store.


Dubbed the Vapor operation, this fraudulent campaign managed to bypass security features present in Android 13, and its apps collectively have over 60 million downloads. The campaign was first observed in early 2024 by IAS Threat Lab, which initially linked 180 apps to the operation.


According to the researchers, the malicious apps masquerade as harmless utilities but secretly bombard users with intrusive advertisements, steal credentials, or even harvest credit card information. In a statement to BleepingComputer, Google confirmed that "all of the recognized apps from this report had been removed from Google Play." However, Bitdefender notes in its report that by the time the research was completed, 15 apps were still available.


What is the Vapor operation?


The Vapor campaign, run by cybercriminals, has been active since early 2024. It initially began as an ad fraud scheme. IAS Threat Lab initially reported that the campaign included 180 apps that generated 200 million fraudulent ad requests daily. These apps were designed to drain advertisers' budgets via fake clicks.


In its new report, Bitdefender notes that the malicious operation now has 331 apps across categories such as health trackers, QR scanners, note-taking tools, and battery optimizers.


Some of these fraudulent apps include:


AquaTracker, ClickSave Downloader, and Test Hawk, each with 1 million downloads.


TranslateScan and BeatWatch, which have between 100,000 and 500,000 downloads.


Reportedly, these apps were uploaded to Google Play between October 2024 and March 2025, mostly targeting users in Brazil, the US, Mexico, Turkey, and South Korea.


How the attack evaded detection


While malware attacks are reported fairly often, the Vapor operation was particularly notable because it managed to evade Google's security features for Android.


According to the report, the apps bypassed Android security checks by functioning as legitimate apps at the time of submission. The malicious code was added later via updates delivered from command-and-control (C2) servers.


After installation, the apps disabled their launcher activities in the AndroidManifest.xml file, removing their icons from home screens, a tactic banned in Android 13 and later versions. Some even renamed themselves in device settings to mimic trusted apps like Google Voice.


Once the apps took control of the system, they abused Android's contact content provider system to launch without user interaction, bypassing Android 13 restrictions.
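A triage check for the two tactics described above, written here as an added example and not taken from the Bitdefender report or from any of the apps: it reads a decoded AndroidManifest.xml and flags an app whose launcher entry is disabled or missing while it also declares a content provider. The finding names, the sample manifests and the package `com.example.tracker` are constructed for illustration, and a finding is a reason to look closer, not a verdict, since some legitimate apps (keyboards, widget packs) also have no launcher icon.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"

def _is_launcher(component):
    """True if the component has a MAIN/LAUNCHER intent filter (home-screen icon)."""
    for flt in component.findall("intent-filter"):
        actions = {a.get(NS + "name") for a in flt.findall("action")}
        cats = {c.get(NS + "name") for c in flt.findall("category")}
        if MAIN in actions and LAUNCHER in cats:
            return True
    return False

def audit_manifest(xml_text):
    """Return heuristic triage findings for one decoded AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return ["no-application-element"]
    findings = []
    entries = [c for tag in ("activity", "activity-alias")
               for c in app.findall(tag) if _is_launcher(c)]
    states = [c.get(NS + "enabled", "true") for c in entries]  # default: enabled
    if not entries:
        findings.append("no-launcher-entry")
    elif all(s == "false" for s in states):
        findings.append("launcher-disabled")
    elif any(s.startswith("@") for s in states) and "true" not in states:
        findings.append("launcher-state-from-resource")  # needs manual lookup
    # Providers are created as soon as anything starts the app process, so
    # their code can run even though no activity is ever shown to the user.
    providers = [p.get(NS + "name") for p in app.findall("provider")]
    if providers and findings:
        findings.append("provider-without-visible-icon:" + ",".join(providers))
    return findings

# Constructed sample manifests (not taken from any real app).
HIDDEN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.tracker">
  <application>
    <activity android:name=".Main" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".InitProvider" android:authorities="com.example.tracker.init"/>
  </application>
</manifest>"""
VISIBLE = HIDDEN.replace('android:enabled="false"', 'android:enabled="true"')
```

Calling `audit_manifest(HIDDEN)` reports the disabled launcher and the provider, while `audit_manifest(VISIBLE)` returns an empty list.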


The apps then launched full-screen ads that hijacked devices via a virtual secondary display, disabling the back button and hiding from the "recent tasks" menu. A few apps even escalated to phishing, displaying fake login pages for Facebook, YouTube, and payment portals. This is a problem that users in India have faced regularly, especially users who aren't very tech-savvy.


While many apps focused on ad fraud, others targeted victims' sensitive data. Many affected users reported being trapped in loops of ads that could not be closed or ads that redirected to convincing phishing pages. In one case, apps falsely claimed that devices had been "infected" to pressure users into downloading more malware.


How to stay safe


Although Google has removed most of these malware-infected apps, it is still important to take safety precautions when downloading apps from the Play Store and browsing the web. Here are some things to follow:


Avoid unnecessary apps: always download apps from reputable developers and scrutinize the permissions requested by the app.


Check the installed apps: compare your app drawer with Settings > Apps > See All Apps to spot hidden malware.


Use security tools: enable protection tools like Google Play Protect, which checks your apps and devices for harmful behavior. It also runs a security check on apps from the Google Play Store before you download them.


Update often: make sure your Android OS and apps are up to date to patch vulnerabilities.


 
